[ 
https://issues.apache.org/jira/browse/MESOS-6540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15633801#comment-15633801
 ] 

Jie Yu commented on MESOS-6540:
-------------------------------

I think there are two problems here we try to solve:

1) Solving the issue for old style command task so that we can find the proper 
namespace to enter for debugging support
2) Moving containerizer launch to the host namespaces and let the process it 
execs be the PID 1

For 1), containerizer launch and the executor are in the namespaces (except for 
mnt namespace), I think we can use a short term workaround to solve that 
because we will eventually deprecate the old style command task.
For 2), it's a broader discussion. That probably means that we need to 
ns::clone from linux launcher to containerizer launch. That means the Launcher 
interface should hide the details about how user processes are created. It should 
take a ContainerLaunchInfo in fork and return a pid that containerizer will 
checkpoint. The pid will be the pid of the actual user process. The 
mesos-containerizer launch helper will be a detail to Launcher. If ns::clone is 
in containerizer launch, then it'll properly send back the translated pid to 
containerizer launch which can communicate this pid back to agent using a 
simple pipe.

> Pass the forked pid from `containerizer launch` to the agent and checkpoint 
> it.
> -------------------------------------------------------------------------------
>
>                 Key: MESOS-6540
>                 URL: https://issues.apache.org/jira/browse/MESOS-6540
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Kevin Klues
>            Assignee: Kevin Klues
>              Labels: debugging, mesosphere
>
> Right now the agent only knows about the pid of the "init" process forked by 
> {{launcher->fork()}}. However, in order to properly enter the namespaces of a 
> task for a nested container, we actually need the pid of the process that 
> gets launched by the {{containerizer launch}} binary.
> Using this pid, isolators can properly enter the namespaces of the actual 
> *task* or *executor* launched by the {{containerizer launch}} binary instead 
> of just the namespaces of the "init" process (which may be different).
> This will involve opening a domain socket with the {{containerizer launch}} 
> binary and passing the translated pid from the forked process back to the 
> agent.  We can achieve this by opening the socket on the agent and passing the 
> path to it using {{launchFlags}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
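
The pipe hand-off described in point 2) of the comment above, as an added example that is not part of the original message or of the Mesos code base. Plain fork() stands in for ns::clone so it runs unprivileged, and the names agent_launch, helper_launch and fail_early are hypothetical.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side: create the user process and report its pid on report_fd.
 * Assumption: fork() replaces ns::clone so no privileges are needed. */
static int helper_launch(int report_fd, int fail_early)
{
    if (fail_early)
        return 1;                 /* constructed failure: exit before reporting */
    pid_t task = fork();
    if (task < 0)
        return 1;
    if (task == 0) {
        close(report_fd);         /* the task must not inherit the report pipe */
        _exit(0);                 /* a real helper would exec the task here */
    }
    ssize_t n = write(report_fd, &task, sizeof task);
    close(report_fd);
    waitpid(task, NULL, 0);
    return n == (ssize_t)sizeof task ? 0 : 1;
}

/* Agent side: returns the helper's pid and stores the reported task pid (the
 * value to checkpoint), or returns -1 if the helper never reported one. */
pid_t agent_launch(pid_t *task_pid, int fail_early)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t helper = fork();
    if (helper < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (helper == 0) {
        close(fds[0]);
        _exit(helper_launch(fds[1], fail_early));
    }
    close(fds[1]);                /* otherwise read() never sees EOF */
    pid_t reported = -1;
    ssize_t n = read(fds[0], &reported, sizeof reported);
    close(fds[0]);
    waitpid(helper, NULL, 0);
    if (n != (ssize_t)sizeof reported || reported <= 0)
        return -1;                /* short read or EOF: nothing to checkpoint */
    *task_pid = reported;
    return helper;
}
```

The agent closes its copy of the write end before reading, so a helper that dies before reporting produces EOF instead of a hang.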
